Method and system for storing, retrieving, and managing data for tags

ABSTRACT

This invention relates generally to a method and system for storing, retrieving, and managing data for tags that are associated in some manner to any type of object. More particularly, the present invention writes data to these tags, reads data from these tags, and manages data that is written to and/or read from these tags.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.12/125,998, filed May 23, 2008, which is a division of U.S. patentapplication Ser. No. 10/952,789, filed Sep. 30, 2004, now U.S. Pat. No.7,388,488, which claims priority from U.S. Provisional PatentApplication Ser. No. 60/515,449, filed Oct. 30, 2003, the contents ofall of which is incorporated herein by reference.

FIELD OF THE INVENTION

This invention relates generally to a method and system for storing,retrieving, and managing data for tags that are associated in somemanner to any type of object. More particularly, the present inventionwrites data to these tags, reads data from these tags, and manages datathat is written to and/or read from these tags.

BACKGROUND OF THE INVENTION

This invention involves a method and system for storing, retrieving, andmanaging data for any type of tag that is associated in any type ofmanner to any type of object, physical or abstract, animate orinanimate. A tag is any device that sends, receives and/or stores dataabout whatever it is monitoring or is associated with; it includes manydifferent types such as radio frequency identification device (RFID)tags, laser tags, cellular phones, devices that receive and transmitsignals from television networks, any type of satellite communicationnetwork such as a Global Positioning System (GPS), etc. A tag may bepowered by any type of power source such as a DC power source, an ACpower source, solar, etc. Identification devices are further describedin U.S. Pat. No. 3,752,960 to Charles Walton, entitled, “ElectronicIdentification & Recognition System,” the contents of which are hereinincorporated by reference. The types of objects that may be associatedwith tags include but are not limited to people, animals, plants, thingsof any kind, real property such as houses, lots, condominiums, mobilehomes and townhouses, valuable items such as paintings, diamonds,jewelry, watches, and antiques, movable items such as automobiles,airplanes, military vehicles, bicycles, motorcycles, boats, ships,components thereof, locations, environmental conditions, abstractions,concepts, phenomena, etc. Associations between tags and objects can beof any type including but not limited to one-to-many, many-to-one orone-to-one, physical, logical, etc. Physical associations may includeattaching and/or inserting the tag to its associated object.

The present invention is adapted for a wide variety of uses. Forexample, the method and system of the present invention may be used toauthenticate valuable items, to manage inventory such as the tracking ofobjects of any kind through manufacturing, supply chain, distribution,etc. to the point of sale and beyond, to track the movements of objectssuch as people, animals, plants, movable items, etc., to retrievehistorical data such as price histories from things such as valuableitems and real property, to retrieve any type of health data such asmedical conditions, treatment history, medication instructions, etc.from people and animals, to track any type of health conditions such asheart rate, pulse rate, temperature, the amount of different things inthe blood such as oxygen, sugar, etc. for people and animals.

Many different benefits may arise from the various uses of the presentinvention. For example, its use may decrease the costs of determiningthe value of a thing such as a valuable item because, for instance, theprice history and other similar data for that item could be easilystored and retrieved from its associated tag. The availability of pricehistory from a tag associated with a house as well as that from otherhouses in the same neighborhood may prevent a seller from charging anexcessively high value to a buyer with little or no knowledge of theactual value of the house. Use of the present invention may prevent thefraudulent substitution of a counterfeit for a valuable item becauseidentification data from the item's associated tag could be used toverify that item's authenticity. Use of the present invention mayprevent a car owner from passing off a damaged car as an undamaged oneto an unsuspecting buyer because a car's accident history could bestored and retrieved from the car's associated tag. Use of the presentinvention could prevent the theft of military secrets because clearanceinformation could be easily accessed from the tag associated with aperson to determine whether that person should have access to suchsecrets. Use of the present invention may avoid injury or even death toathletes that may occur while they are performing because their heartrate, temperature, and other medical conditions could be easilymonitored. For similar reasons, a coach could use the present inventionto quickly determine which players are too fatigued to be effective; anathletic recruiter could use the present invention to determine whichplayers are better able to handle the rigors of competition; andathletic trainers could use the present invention to tailor trainingprograms to particular athletes. Use of the present invention may easethe authentication of evidence at trial because chain of custody couldbe easily retrieved from the evidence's associated tag at trial. Use ofthe present invention will further automate and simplify the managementof inventory.

Tags and similar devices have been disclosed in other references but noprior art reference discloses the use of such tags in a system andmethod for storing, retrieving and managing data for a variety ofapplications including authentication, tracking, health care monitoring,health care management, knowledge acquisition, etc. In contrast, forexample, U.S. Pat. Nos. 6,440,096, 5,358,514, 5,193,540, 6,107,102, and6,405,066 discuss the implantation of microdevices in people. U.S. Pat.Nos. 5,606,260, 4,892,709, 5,367,878, 6,152,181, 5,834,790, 5,186,001,5,839,056, and 5,144,298 discuss the use of microdevices as sensors orcontrollers.

Accordingly, there exists a need for a system and method for storing,retrieving, and managing data for any type of tag that is associated inany type of manner to any type of object.

SUMMARY OF THE INVENTION

The invention provides a system and method for storing, retrieving, andmanaging data for any type of tag that is associated in any type ofmanner to any type of object for a variety of applications.

In particular, it is an aspect of the present invention to present asystem for storing, retrieving and managing data for one or more objectscomprising:

one or more tags associated with the one or more objects;

one or more components communicating with at least one of said tags;

at least one receiver for receiving control data and information datafrom at least one of said components into at least one of said tagswherein said information data is about the object that is associatedwith said at least one tag;

at least one transmitter for transmitting at least a portion of saidinformation data to at least one of said components in accordance withsaid control data; and

at least one communication network for facilitating said communicatingamong said components and said tags;

wherein at least one of said components transmits at least one query toreceive at least a portion of said information data about said objectassociated with said at least one tag.

It is a further aspect of the present invention to present a method forstoring, retrieving, and managing data for one or more objectscomprising the steps of:

associating one or more tags with the one or more objects;

communicating with at least one of said tags from one or morecomponents;

receiving control data and information data from at least one of saidcomponents into at least one of said tags wherein said information datais about the object that is associated with said at least one tag;

transmitting at least a portion of said information data from said at,least one tag to at least one of said components in accordance with saidcontrol data; and

transmitting from said at least one of said components at least onequery to receive at least a portion of said information data about saidobject associated with said at least one tag.

It is a further aspect of the present invention to present a method formanaging children comprising the steps of:

associating one or more tags with the one or more children;

transmitting control data and information data to said one or more tags;

receiving said information data into said one or more tags, saidinformation data concerning one or more of the following: the identityof people that came into contact with the one or more children; at leastone measurement of at least one environmental condition to which the oneor more children was exposed, the academic performance of the one ormore children, the athletic performance of the one or more children, atleast one measurement of the medical condition of the one or morechildren; and

transmitting at least a portion of said information data from said atleast one tag in accordance with said control data.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other aspects and features of the invention will be moreclearly understood from the following detailed description along withthe accompanying drawing figures, wherein:

FIG. 1 is a block diagram showing the major operational elements of theinvention.

FIG. 2 is a dataflow diagram describing the storage of data to tags 102that are associated with any kind of object.

FIG. 3 is a dataflow diagram describing the transmission of data fromtags 102.

FIG. 4 a displays a sample fill-out form 400 completed by a parent at aclient computer 106 to control the operation of the child's tag 102.

FIG. 4 b displays a sample fill-out form 450 completed by a parent at aclient computer 106 to retrieve data from the child's tag 102 or from adatabase 110.

FIG. 5 is a data flow diagram 500 illustrating the operation of oneembodiment of a tag for proximity checking

FIGS. 6 a, 6 b, and 6 c show exemplary formats of the tag-identifierbroadcast, the central authority broadcast and the tag identifier mapbroadcast respectively.

FIG. 7 is a data flow diagram illustrating the operation of oneembodiment of a tag for an out-of-proximity alarm.

FIGS. 8 a and 8 b show exemplary formats of the tag-identifier broadcastand the control authority enable/disable respectively.

FIG. 9 is a data flow diagram illustrating the operation of oneembodiment of a tag for a symmetric proximity alarm.

FIGS. 10 a, 10 b, and 10 c show exemplary formats of the tag-identifierbroadcast, the control authority add tag broadcast and the controlauthority delete tag broadcast respectively.

DETAILED DESCRIPTION

The invention provides a system and method for storing, retrieving, andmanaging data for any type of tag that is associated in any type ofmanner to any type of object (physical or abstract, animate orinanimate) for a variety of applications.

While the present invention will be explained within the context ofseveral different applications such as the authentication of objectsincluding valuable items and evidence, and the monitoring of children bytheir parents, the present invention can be applied to any applicationwhich would benefit from the storage, retrieval and management of datafor tags that are associated with any kind of object. These applicationsinclude the exchange of objects such as real property, goods, andservice, monitoring the vital signs of the ill, the elderly andathletes, athletic training programs, monitoring environmentalconditions, traffic, and consumer behavior in various settings such asamusement parks, shopping centers, casinos, tracking the location ofpeople such as prisoners, students, foreigners, military personnel, andworkers in classified areas, tracking the location of goods of any typesuch as inventory from manufacturing, the supply chain, distribution,etc. to the point of sale and beyond, tracking the location ofclassified material, tracking the manufacturing, sale and repairhistories of goods such as machinery, cars, airplanes, trains, andcomponents thereof, monitoring movement of people and things such asvehicles, traffic, etc. at locations such as a battlefield, a highway,etc., monitoring the flow of oil and other fluids in pipelines, etc.

FIG. 1 is a block diagram 100 showing the major operational elements ofthe invention. The invention may include one or more tags 102 that maybe associated with objects of any type including people, animals,plants, things of any kind, real property such as houses, lots,condominiums, mobile homes and townhouses, valuable items such aspaintings, diamonds, jewelry, watches, and antiques, vehicles such asautomobiles, airplanes, military vehicles, bicycles, motorcycles, boats,ships, components, locations, environmental conditions, abstractions,concepts, phenomena, etc. Associations between tags and objects can beof any type including one-to-many, many-to-one or one-to-one. Theseassociations may be physical, logical, etc. Physical associations mayinclude attaching and/or inserting the tag to or in its associatedobject. Logical associations may include information in a database suchas a table that may establish a correspondence between one or more tagsand one or more objects by their identification numbers.

The tags 102 may be one of a variety of a different types includingRadio Frequency Identification Device (RFID) tags, laser tags, cellularphones, devices that receive and transmit signals from a GlobalPositioning System (GPS), etc. The tags 102 may be powered by any kindof power source such as a DC power source, an AC power source, solarpower, etc. Each tag 102 may have the ability to receive data, storedata, sense data and/or transmit data. Data may be received andtransmitted to other tags 102, sensors 104, computers 106, and databasemanagement systems 110. The tags 102 may have the ability to sense datafrom its associated object, its environment, etc. Data sensed from anassociated object such as a person or animal may include medical datasuch as temperature, oxygen content in the blood, heart rate, etc. Datasensed from the environment may include the content of various gases,poisons, and pollutants in the air or water, the temperature, thehumidity, barometric pressure, chemicals, motion, light, sound, etc.

The present invention 100 may further include sensors 104. Sensors 104may be of any type and may sense any kind of data. Sensors 104 may bepowered by any type of power source such as an AC power source, a DCpower source, solar power, etc. Sensors 104 may include thermometers,motion detectors, Global Positioning System (GPS) devices, chemicalsensors, etc. Computers 106 may include database management systems 110for the storage and management of data associated with tags 102 in anyway including data transmitted to and/or retrieved from the tags 102.Data may be transmitted to tags 102 from computers 106 for storagewithin the tags 102 and may be transmitted from the tags 102 tocomputers 106. Data retrieved from tags 102 may be stored and managed indatabase management system 110.

The present invention may further include a communication network 114,which may include a variety of different types of components andsoftware to communicate different types of data among the tags 102,sensors 104, computers 106, etc. These components and software mayinclude modulator/demodulators (modems), satellites, up and downfrequency converters including those for communications with thesatellites, audio/video encoders, routers, hubs, bridges, etc. In oneembodiment, the communication network 114 may be a cellular telephonenetwork. In another embodiment, the communication network 114 may be anytype of satellite network such as GPS. In another embodiment, thecommunication network may be a television network. In anotherembodiment, the communication network 114 may include the Internet.Communication may be accomplished on the Internet by one or moreinternet applications, including the World Wide Web. Communicationnetwork 114 may be an intranet or an extranet. An intranet is a privatenetwork typically a local area network (LAN) or a wide area network(WAN) that enables the use of Internet-based applications in a secure,private environment. Extranets are intranet-type networks that linkmultiple sites or organizations using intranet related technologies.

The World Wide Web is built on a protocol called the Hypertext TransportProtocol (HTTP). Computers 106 may include browser software 108 forrequesting data input by tags 104 and sensors 102, and/or data stored ina database management system 110. Requests for data from browsersoftware 108 may be handled by server software 109. The server software109 may locate the requested data and may transmit it to the requestingbrowser software 108. Computers 106 may further include applicationserver software 111, which may extend the capabilities of the serversoftware 109. In particular, the application server software 111 maypre-process a page of data before it is sent to the requesting browsersoftware 108.

In one embodiment, the application server software 111 is a Cold Fusionapplication. Cold Fusion is a World Wide Web application for creatingdynamic page applications and interactive Web sites by combiningstandard Hypertext Markup Language (HTML) files with Cold Fusion MarkupLanguage (CFML) instructions, as specified in “The Macromedia ColdFusion 5 Web Application Construction Kit,” Ben Forta and Nate Weiss,Fourth Edition, (hereinafter, “Cold Fusion 5”), Chapter 1, the contentsof which are herein incorporated by reference. HTML is a page markuplanguage that enables the creation and layout of pages and forms. In oneembodiment of the present invention, a Cold Fusion application definesfill-out forms for entry of data including the data to control theoperation of the tags 102 and sensors 104 and queries for data.

In one embodiment, a Cold Fusion application 111 is used to retrieve orupdate data in the database management system 110. The Cold Fusionapplication 111 may access the database management system 110 through aninterface called Open Database Connectivity (ODBC), which is a standardApplication Programming Interface (API) for accessing information fromdifferent database systems and different formats, as explained inColdFusion 5, Chapter 6, the contents of which are herein incorporatedby reference.

In an alternate embodiment, data may be input using a program written ina language that manipulates text, files and information. An exemplarylanguage is PERL as specified in “Programming Perl,” Larry Ward andRandal L. Schwartz, O'Reilly & Associates, Inc., March 1992, thecontents of which are herein incorporated by reference.

The database 110 may be a distributed database, which may be storedamong many computers 106 or may be a central database. Database 110 maybe of any type including a relational database or a hierarchicaldatabase. Databases and database management systems are described inDatabase System Concepts, Henry F. Korth, Abraham Silberschatz,McGraw-Hill 1986, Chapter 1, the contents of which are hereinincorporated by reference. Exemplary databases 110 include: MicrosoftStructured Query Language (SQL) Server, Microsoft Access 1.0, 2.0 and7.0, Microsoft FoxPro 2.0, 2.5 and 2.6, Oracle 7.0, Borland Paradox 3.Xand 4.X, Borland dBase III and dBase IV, and Microsoft Excel 3.0, 4.0and 5.0.

In one embodiment, data is retrieved, inserted, updated or deleted fromdatabase 110 using Structured Query Language (SQL). SQL is described in“SAMS Teach Yourself SQL,” 2_(nd) Edition, Ben Forta, the contents ofwhich are herein incorporated by reference.

The present invention may include additional components to manage thedata received from tags 102, sensors 104 and elsewhere. These additionalcomponents may include a search tool. In one embodiment, the search toolis Verity. Data may be organized into one or more collections. Veritymay then be used to index the collection and compile metadata about thecollection to enable it to search the collection quickly. Conceptually,Verity's usefulness is attributed to its ability to index and compileinformation about the collection and use this information to quicklysearch the collection when asked to do so. Searches and queries may bespecified using Verity operators including concept operators such asSTEM, WORD, and WILDCARD, proximity operators such as NEAR and PHRASE,relation operators such as CONTAINS, MATCHES, STARTS, ENDS andSUBSTRING, search modifiers such as CASE, MANY, NOT, and ORDER and scoreoperators such as YES NO, COMPLEMENT, PRODUCT, and SUM. Search forms andsearch results pages may be defined using HTML with Cold Fusion tags.The creation and searching of collections, and the display of searchresults using Verity is described in ColdFusion 5, Chapter 36, thecontents of which are herein incorporated by reference. Web Browsersoftware 108 may display the web pages from the server software 109including the fill-out form for data input, the fill-out form for inputof search criteria and the search results text data. The presentinvention may also display audio and video data input by tags 102 andsensors 104 using an on-demand video and audio streaming server, such asRealServer as explained in “RealServer Administration and ContentCreation Guide”, the contents of which are herein incorporated byreference.

In another embodiment, the search engine may be a commercial searchengine such as Alta Vista, Google, Yahoo, etc. A commercial searchengine may be integrated into the present invention using Cold Fusiontags as explained in ColdFusion 5, Chapter 36.

Before performing the search, the search engine may optimize the queriesas specified in Database System Concepts, Henry F. Korth, AbrahamSilberschatz, McGraw-Hill 1986, Chapter 9, the contents of which areherein incorporated by reference.

FIG. 2 is a dataflow diagram 200 describing the storage of data to tags102 that are associated with any kind of object. A dataflow diagram is agraph whose nodes are processes and whose arcs are dataflows. See ObjectOriented Modeling and Design, Rumbaugh, J., Prentice Hall, Inc. (1991),Chapter 1, the contents of which are herein incorporated by reference.The data may consists of control data that governs the operation of thetag 102 such as by defining what types of data the tag 102 is authorizedto receive and/or transmit, the identification of those components(i.e., other tags 102, computers 106, browser software 108, serversoftware 109, sensors 104, etc.) that may transmit data to or receivedata from the tag 102, and may consists of information for storagewithin the tag 102. In step 202, the tag 102 may await the receipt ofdata. Control proceeds to step 204 when data is received. In step 204,the tag 102 may receive data, which may have been transmitted from anytype of component including but not limited to a computer 106, browsersoftware 108, server software 109, a database 110, a sensor 104, anothertag 102, itself, etc. In step 206, a check may be done to determinewhether or not the received data is authorized to be stored in the tag102. Step 206 may including checking whether the source of the data hasthe authority to store the type of data that was received at the tag102.

The checking may be performed by a variety of different techniquesincluding but not limited to those using cryptography, the art andscience of keeping messages secure, and any other type of securecommunication including an intranet, a virtual private network (VPN),etc. Cryptography may be used in the present invention forauthentication, integrity and/or non-repudiation. Authentication enablesa receiver of a message to ascertain its origin. Integrity enables areceiver of a message to verify that the message has not been modifiedin transit. Non-repudiation prevents a sender of a message from falselydenying that it did indeed send the message.

In one embodiment, a symmetric algorithm is used. With symmetricalgorithms, the encryption key can be calculated from the decryption keyand vice versa. The key must remain secret to keep the communicationsecret. In another embodiment, a public key algorithm (also calledasymmetric algorithm) is used. With a public key algorithm, thedecryption key cannot be computed from the encryption key in areasonable amount of time. The encryption key is made public and iscalled the public key. The decryption key is kept secret and is calledthe private key. In another embodiment, digital signatures may be used.With digital signatures, a message is encrypted with a private key by asender, thereby signing the message and decrypted with a public key bythe recipient, thereby verifying the signature. Exemplary digitalsignature algorithms include Rivest-Shamir-Adelman (RSA) and the DigitalSignature Algorithm (DSA) proposed by the National Institute ofStandards and Technology (NIST). Cryptography, including symmetricalgorithms, public-key algorithms and digital signatures are describedin “Applied Cryptography” by Bruce Schneier, Chapters 1, 2, 19 and 20,the contents of which are herein incorporated by reference.

In another embodiment, the checking may be done by some form of passwordverification.

If the check in step 206 indicates that the received data is authorizedto be stored in the tag 102, then control proceeds to step 208. In step208, the data is stored in the tag 102. After step 208, control proceedsto step 202, where the tag 102 waits for the receipt of new data. If thecheck in step 206 indicates that the received data is not authorized tobe stored in the tag 102, then control returns to step 202.

FIG. 3 is a dataflow diagram 300 describing the transmission of datafrom tags 102. In step 302, a check is performed to determine whetherthe tag 102 should be transmitting data without solicitation and if so,what type of data it should be transmitting. This may be done bychecking control settings within the tag 102. If the check in step 302indicates that the tag 102 should be transmitting data, control proceedsto step 304. In step 304, a check is performed to determine whether thedata should be transmitted at that time. This check can be done bycomparing a clock in the tag 102 to a predetermined time setting. If thecheck in step 304 indicates that data should be transmitted, thencontrol proceeds to step 308. Otherwise, control remains in step 304. Instep 308, the data is transmitted from the tag 102. After step 308,control returns to step 302.

In step 310, the tag 102 awaits a request for data. Control remains instep 310 until such a request is received after which it proceeds tostep 312. In step 312, the tag 102 may receive the request, which mayhave been transmitted from any type of component including but notlimited to a client 106, a server 108, a database 110, a sensor 104,another tag 102, etc. In step 312, a check may be done to determinewhether or not the received request is authorized to receive a responsein the tag 102. Step 312 may include checking whether the source of therequest has the authority to receive the type of data that is requested.The checking may be performed by a variety of different techniquesincluding those using cryptography, as explained in detail above. Thechecking may alternatively be done by some form of passwordverification. If the check in step 312 indicates that the request isauthorized to receive data in response, then control proceeds to step314. In step 314, the requested data is transmitted to the source of therequest. After step 314, control proceeds to step 310, where the tag 102waits for the receipt of a new request. If the check in step 312indicates that the request is not authorized to receive data inresponse, then control returns to step 310.

In one embodiment, communication between one or more of the tags 102 andone or more of the sensors 104 with the server software 109 may beperformed using a Wireless Application Protocol (WAP), which isdescribed in ColdFusion 5, Chapter 34, the contents of which areincorporated by reference.

The present invention may have many different uses. For example, itcould be used by parents to monitor their children's activities. Aparent may associate a tag 102 to a child by any means such as byphysically attaching or implanting the tag 102 on the child. Frombrowser software 108 or elsewhere, a parent may transmit control data tothe child's tag 102 to indicate that the tag 102 should accept data fromother tags 102 associated with particular people, sensors 104 such asglobal positioning system (GPS) satellites identifying the child'slocation throughout the day or environmental sensors 104 identifying thecontent of the air or water (i.e., toxins) to which the child isexposed. The tag 102 on the child executes the process for the storageof data in tags 102 illustrated by the flow diagram of FIG. 2 in orderto analyze and store the control information sent by the parent. At asubsequent time, the parent may transmit one or more queries frombrowser software 108 or elsewhere to learn the identity of the peoplethat came into contact with the child, to retrieve test scores or notesfrom a teacher that the child may have received that day, the quality ofthe air and water to which the child was exposed and the child'smovements. The tag 102 associated with the child executes the processfor transmitting data from the child's tag 102 illustrated by the flowdiagram of FIG. 3 in order to respond to the parent's query.

The parent may, in the alternative, transmit additional control data tothe child's tag 102 from browser software 108 or elsewhere instructingthe child's tag to periodically transmit data from the tag 102 to adatabase 110. At any subsequent time, the parent may transmit one ormore queries from browser software 108 or elsewhere to a database 110 tolearn the same information about the child.

FIG. 4 a displays a sample fill-out form 400 completed by a parent atbrowser software 108 or elsewhere to control the operation of thechild's tag 102. The fill-out form may contain one or more of thefollowing fields:

Authorized Components For Receipt Table 402: This field specifies thecomponents (i.e., tags, sensors, etc.) from which the child's tag mayreceive data.

Authorized Data For Receipt Table 404: This field specifies the types ofdata (i.e., data identifying the people associated with the tags 102with which the child came into contact, test scores, teacher notes,environmental data, location data, etc.) that the child's tag 102 mayreceive.

Authorized Components For Transmission Table 406: This field specifiesthe components (i.e., database 110, etc.) to which the child's tag maytransmit data.

Authorized Data For Transmission 408: This field specifies the types ofdata that the child's tag 102 may transmit.

FIG. 4 b displays a sample fill-out form 450 completed by a parent atbrowser software 108 or elsewhere to retrieve data from the child's tag102 or from a database 110. The fill-out form may contain one or more ofthe following fields:

Identification Query 452: This field requests the identify of the taggedobjects such as people and animals that came into contact with thechild.

Environmental Query 454: This field requests the content of the waterand air to which the child had contact.

Performance Query 456: This field requests data on the child's behavior,academic performance, and athletic performance.

The present invention may be used to authenticate objects such asvaluable items, sports memorabilia, and evidence. A vendor may associatea tag 102 to a valuable item such as a diamond or painting by any meanssuch as by physically attaching or implanting the tag 102 on the item.From browser software 108 or elsewhere, a vendor may transmit controldata to the object's tag 102 to indicate that the tag 102 should acceptdata from other tags 102 identifying the people associated with theother tags 102, sensors 104 such as global positioning system (GPS)satellites identifying the object's location throughout the day orenvironmental sensors 104 identifying the content of the air or water(i.e., toxins) to which the object is exposed. The tag 102 on the objectexecutes the process for the storage of data in tags 102 illustrated bythe flow diagram of FIG. 2 in order to analyze and store the controlinformation sent by the vendor. At a subsequent time, the vendor cantransmit one or more queries from browser software 108 or elsewhere tolearn the identity of the people that handled the object, the quality ofthe air and water to which the object was exposed, the object'smovements, the chain of title, the chain of possession, and the identityof the object's manufacturers, retailers, and distributors. The tag 102associated with the object executes the process for transmitting datafrom the object's tag 102 illustrated by the flow diagram of FIG. 3 inorder to respond to the vendor's query.

The vendor may, in the alternative, transmit additional control data tothe object's tag 102 from browser software 108 or elsewhere instructingthe object's tag 102 to periodically transmit data from the tag 102 to adatabase 110. At any subsequent time, the vendor may transmit one ormore queries from browser software 108 or elsewhere to the database 110to learn information about the object.

Another embodiment of the invention performs proximity tracking. In thisembodiment, an event may be recorded within a tag when it comes within arange of other tags. These recorded events may be later sent to adatabase. This embodiment may be used generally to track the objectsthat have come into proximity with another object. For example, thisembodiment may be used to track the people that have come into contactwith a child or the places where a child has been. This embodiment mayalso be used to track the movement of objects with respect to locationswithin a secure facility.

In one embodiment, the tags may contain one or more of the following: aradio transmitter, a radio receiver, a memory, control software, aprocessor and a clock. The memory may include a RAM and a ROM. Thecontrol software may be stored in the ROM. The processor may be of atype that consumes less power.

The tags may contain one or more data structures including a tagidentifier, a tag identifier map and a time field. The tag identifiermay be a variable length string of up to 255 bytes and may be used todistinguish tags from each other. The tag identifier map may map a tagidentifier to a public key and a counter. In one embodiment, the tagidentifier map is implemented with a hash table. In another embodiment,the tag identifier is implemented with a binary search tree. The tagidentifier map may be initialized with the public keys of certain tagssuch as those that are expected to be encountered and/or those that aredetermined to be sensitive. This scheme enables tags to quickly discardmessages from tags with invalid signatures. Entries in the tagidentifier map may be discarded after the map becomes full. Entries maybe discarded in any order such as first-in-first-out (FIFO), leastrecently used (LRU), etc. The time field may be a four byte unsignedinteger and may contain the current time in any form such as GreenwichMean Time (GMT).

FIG. 5 is a data flow diagram 500 illustrating the operation of oneembodiment of a tag for proximity checking. The tag waits for aninterrupt in step 502. In step 504, the type of interrupt is determined.If the interrupt is a received interrupt, control proceeds to step 506.In step 506, the protocol identifier of the received broadcast isdetermined. The protocol identifier may be of different types such as atag-identifier broadcast, a tag identifier map broadcast, etc. Exemplaryformats of the tag-identifier broadcast, the central authority broadcastand the tag identifier map broadcast are shown in FIGS. 6 a, 6 b, and 6c respectively. The broadcasts may be encapsulated in a wirelessbroadcast packet at the network-interface layer and multi-byte valuesmay be transmitted in big endian order. The signatures may be RSAsignatures. The signature in the tag identifier broadcast may be takenover the tag identifier and current time fields. The signature in thecentral authority broadcast may be taken over the current time field.One or more of the fields excluding the protocol identifier in the tagidentifier map broadcast may be encrypted with the public key of thecentral authority. The signature in the tag identifier may be taken overone or more of the fields following the current time.

If the protocol identifier is a tag identifier broadcast, controlproceeds to step 508. In step 508, the tag identifier of the tagidentifier broadcast is checked to determine if it is valid. If it isnot valid, the broadcast is ignored and control returns to step 502. Ifit is valid, control proceeds to step 510. In step 510, the time in thetag identifier broadcast is checked to determine whether it is withinone minute of the current time. If it is not, then the broadcast isignored and control returns to step 502. If it is, then control proceedsto step 512. In step 512, the tag identifier in the tag identifierbroadcast is checked to determine whether it is present in the tagidentifier map (i.e., has been previously encountered by the tag). Ifnot, control proceeds to step 514. In step 514, a new entry is createdfor the tag identifier in the tag identifier map and the number ofencounters for that entry is set to one. Control then proceeds to step502.

If the tag identifier is determined to be present in the tag identifiermap in step 512, then control proceeds to step 516. In step 516, it isdetermined whether the tag identifier in the tag identifier broadcasthas a public key. If so, then control passes to step 518. In step 518,the public key is used to verify the signature. If the signatureverification in step 518 is not successful, then the broadcast isignored and control returns to step 502. If the signature verificationin step 518 is successful, then control proceeds to step 520. In step520, the number of encounters for the tag identifier in the tagidentifier map is incremented.

If the protocol identifier is determined to be a central authoritybroadcast in step 506, then control proceeds to step 522. In step 522,the time in the central authority broadcast is checked to determine ifit is within one minute of the current time. If not, then the broadcastis ignored and control returns to step 502. If so, control proceeds tostep 524. In step 524, the public key of the central authority is usedto verify the signature in the central authority broadcast. If thesignature verification is not successful, then the broadcast is ignoredand control returns to step 502. If the signature verification in step524 is successful, then control proceeds to step 526. In step 526, thetag identifier map is encrypted with the central authority public key.In step 528, the encrypted tag identifier map is broadcast. Control thenreturns to step 502.

If the interrupt is determined to be a timer interrupt in step 504,control proceeds to step 530. In one embodiment, the timer interruptoccurs every 15 seconds. In step 530, the signature is created using thetag's private key. In step 532, the signature, the tag identifier, andthe current time are written to the tag identifier broadcast. In step534, the tag identifier broadcast is broadcast. Control then returns tostep 502.

The embodiment of FIG. 5 has a number of advantages. The signature makesit infeasible for any preregistered tag to spoof a real tag. Replayattacks are blocked by the time stamp.

The private keys may be secured; the central authority may be in asecure location; and the tags may be tamper-resistant. These optionsprevent one tag from repudiating contact with another tag. A replacementstrategy may be used to prevent attempts to flood the tag identifier mapby broadcasting of spurious tag identifiers. In another embodiment, aglobal public/private key pair may be used to authenticate broadcasts.

Another embodiment of the invention sounds an alarm within apredetermined time if a tag goes outside a particular range of one ormore other tags. In one embodiment, the range is a mutualtransmit/receive range. In one embodiment the predetermined time issixty seconds. One tag may be physically attached to a sensitive objectthat must not leave a secure area. The other tag may be built into asecure, immobile location such as a floor or ceiling or may be carriedby authorized personnel. In one embodiment, a protocol enables anddisable tags so that objections can be removed by authorized parties.

This embodiment may be used to alert security personnel to the movementof objects out of a secure facility, to alert employees to theft ofinventory from a store, to alert a parent or day-care provider to achild that strays outside of a certain area, to alert a person to thetheft of a motor vehicle, or to the theft of valuable objects from thehome, to alert a escort in a secure facility of abandonment by a guest,to alert the authorities of the escape of a criminal from prison or froma house for those criminals under house arrest, etc.

In one embodiment, the tags may contain one or more of the following: aradio transmitter, a radio receiver, a memory, control software, aprocessor, a clock and an audible alarm. The memory may include a RAMand a ROM. The control software may be stored in the ROM. The processormay be of a type that consumes less power.

The tags may contain one or more data structures including a tagidentifier, a tag identifier of a partner tag, a private key for thetag, a public key for the partner tag, a public key of a controlauthority, an alarm counter, an enable flag and a time field. The tagidentifier may be a variable length string of up to 255 bytes and may beused to distinguish tags from each other. The tag identifier of thepartner tag may be a variable length string of up to 255 bytes. Theprivate and public keys may be 16 bytes. The alarm counter may be fourbytes. The enable flag may be four bytes. The time field may be a fourbyte unsigned integer and may contain the current time in any form suchas Greenwich Mean Time (GMT).

FIG. 7 is a data flow diagram 700 illustrating the operation of oneembodiment of a tag for an out-of-proximity alarm. The tag waits for aninterrupt in step 702. In step 704, the type of interrupt is determined.If the interrupt is a received interrupt, control proceeds to step 706.In step 706, the protocol identifier of the received broadcast isdetermined. The protocol identifier may be of different types such as atag-identifier broadcast, a control-authority broadcast (including acontrol authority enable and a control authority disable), etc.Exemplary formats of the tag-identifier broadcast and the controlauthority enable/disable are shown in FIGS. 8 a and 8 b, respectively.The broadcasts may be encapsulated in a wireless broadcast packet at thenetwork-interface layer and multi-byte values may be transmitted in bigendian order. The signature in the tag identifier broadcast may be takenover the tag identifier and current time fields. The signature in thecontrol-authority broadcast may be taken over the current time field.The signatures may be RSA signatures.

If the protocol identifier is a tag identifier broadcast, controlproceeds to step 708. In step 708, the tag identifier of the tagidentifier broadcast is checked to determine if it is valid. If it isnot valid, the broadcast is ignored and control returns to step 702. Ifit is valid, control proceeds to step 710. In step 710, the time in thetag identifier broadcast is checked to determine whether it is withinone minute of the current time. If it is not, then the broadcast isignored and control returns to step 702. If it is, then control proceedsto step 712. In step 712, the public key of a partner tag may be used toverify the signature in the tag-identifier broadcast. If the signatureverification in step 712 is not successful, then the broadcast isignored and control returns to step 702. If the signature verificationin step 712 is successful, then control proceeds to step 714. In step714, the alarm counter is reset to zero.

If the protocol identifier is determined to be a control authorityenable broadcast in step 706, then control proceeds to step 716. In step716, the time in the control authority enable broadcast is checked todetermine if it is within one minute of the current time. If not, thenthe broadcast is ignored and control returns to step 702. If so, controlproceeds to step 718. In step 718, the public key of the controlauthority is used to verify the signature in the control authorityenable broadcast. If the signature verification is not successful, thenthe broadcast is ignored and control returns to step 702. If thesignature verification in step 718 is successful, then control proceedsto step 720. In step 720, the enable flag is set to one. Control thenreturns to step 702.

If the protocol identifier is determined to be a control authoritydisable broadcast in step 706, then control proceeds to step 722. Instep 722, the time in the control authority disable broadcast is checkedto determine if it is within one minute of the current time. If not,then the broadcast is ignored and control returns to step 702. If so,control proceeds to step 724. In step 724, the public key of the controlauthority is used to verify the signature in the control authorityenable broadcast. If the signature verification is not successful, thenthe broadcast is ignored and control returns to step 702. If thesignature verification in step 724 is successful, then control proceedsto step 726. In step 726, the enable flag is set to zero. Control thenreturns to step 702.

If the interrupt is determined to be a timer interrupt in step 704,control proceeds to step 728. In one embodiment, the timer interruptoccurs every six seconds. In step 728, the enable flag is added to thealarm counter. In step 730 the alarm counter is checked to determine ifit is greater than a limit. In one embodiment, the limit may be 10seconds. If the alarm counter is greater than the limit, controlproceeds to step 732. In step 732, the tag sounds an alarm. Control thenproceeds to step 702.

If the alarm counter is determined to be less than or equal to the limitin step 730, then control proceeds to step 734. In step 734, a signatureis created using the tag's private key. In one embodiment, the signatureis taken over the tag identifier of a partner and the current time. Instep 736, the signature, the protocol identifier, the tag identifier ofa partner, and the current time are written to the tag identifierbroadcast. In step 738, the tag identifier broadcast is broadcast.Control then returns to step 702.

The embodiment of FIG. 7 has a number of advantages. The signature makesit infeasible for a phony partner tag to spoof a real tag. The signaturealso makes it infeasible for a phony control authority to disable a tag.Replay attacks are blocked by the time stamp. Destroying a tag soundsthe alarm of a partner tag.

Another embodiment of the invention sounds an alarm if a tag comeswithin a particular range of one or more other tags. Each tag maymaintain a sensitive tag list of such other tags that cause its alarm tosound. In one embodiment, the range is a mutual transmit/receive range.One tag may be physically attached to a sensitive object that must notenter a secure area. The other tag may be built into a secure, immobilelocation such as a floor or ceiling or may be carried by authorizedpersonnel. This embodiment may include a protocol for adding tags to anddeleting tags from the sensitive tag list.

This embodiment may be used to alert security personnel to the movementof objects such as dangerous or hazardous object into a sensitivefacility, to alert employees to inventory that is being carried near theexit of a store, to alert a parent or child-care provider to themovement of a child toward a dangerous area or to designated persons, towarn a pedestrian who is approaching a hazardous area, to warn amotor-vehicle driver who is approaching hazardous conditions, to alertsecurity personnel to visitors who are entering or approaching arestricted area, etc.

In one embodiment, the tags may contain one or more of the following: aradio transmitter, a radio receiver, a memory, control software, aprocessor, a clock and an audible alarm. The memory may include a RAMand a ROM. The control software may be stored in the ROM. The processormay be of a type that consumes less power.

The tags may contain one or more data structures including a tagidentifier, a private key for the tag, a public key of a controlauthority, a tag identifier map, and a time field. The tag identifiermay be a variable length string of up to 255 bytes and may be used todistinguish tags from each other. The private and public keys may be 16bytes. The tag identifier map may map a sensitive tag identifier to apublic key. The tag identifier map may be implemented by a hash table ora binary search tree. Entries in the tag identifier map may expire inleast-recently-used order if the tag identifier map becomes full. Thetime field may be a four byte unsigned integer and may contain thecurrent time in any form such as Greenwich Mean Time (GMT).

FIG. 9 is a data flow diagram 900 illustrating the operation of oneembodiment of a tag for a symmetric proximity alarm. The tag waits foran interrupt in step 902. In step 904, the type of interrupt isdetermined. If the interrupt is a received interrupt, control proceedsto step 906. In step 906, the protocol identifier of the receivedbroadcast is determined. The protocol identifier may be of differenttypes such as a tag-identifier broadcast, a control-authority add tagbroadcast, a control authority delete tag broadcast, etc. Exemplaryformats of the tag-identifier broadcast, the control authority add tagbroadcast and the control authority delete tag broadcast are shown inFIGS. 10 a, 10 b, and 10 c respectively. The broadcasts may beencapsulated in a wireless broadcast packet at the network-interfacelayer and multi-byte values may be transmitted in big endian order. Thesignatures may be RSA signatures. The signature in the tag identifierbroadcast may be taken over the tag identifier and current time fields.The signature in the control-authority add tag broadcast may be takenover the target tag identifier, the sensitive tag identifier, thesensitive tag public key and the current time field. The signature inthe control-authority delete tag broadcast may be taken over the targettag identifier, the sensitive tag identifier, and the current timefield.

If the protocol identifier is a tag identifier broadcast, controlproceeds to step 908. In step 908, the tag identifier of the tagidentifier broadcast is checked to determine if it is in the tag's listof sensitive tags. If it is not in the list of sensitive tags, thebroadcast is ignored and control returns to step 902. If it is in thelist of sensitive tags, control proceeds to step 910. In step 910, thetime in the tag identifier broadcast is checked to determine whether itis within one minute of the current time. If it is not, then thebroadcast is ignored and control returns to step 902. If it is, thencontrol proceeds to step 912. In step 912, the public key of the tagidentifier in the tag identifier broadcast may be used to verify thesignature in the tag-identifier broadcast. If the signature verificationin step 912 is not successful, then the broadcast is ignored and controlreturns to step 902. If the signature verification in step 912 issuccessful, then control proceeds to step 914. In step 914, the alarmsounds.

If the protocol identifier is determined to be a control authority addtag broadcast in step 906, then control proceeds to step 916. In step916, the target tag identifier is checked to determine if it matches thetag identifier of the tag receiving the broadcast. If there is not amatch, the broadcast is ignored and control returns to step 902. Ifthere is a match, control proceeds to step 918. In step 918, the time inthe control authority add tag broadcast is checked to determine if it iswithin one minute of the current time. If it is not, then the broadcastis ignored and control returns to step 902. If it is within one minute,control proceeds to step 920. In step 920, the public key of the controlauthority is used to verify the signature in the control authority addtag broadcast. If the signature verification is not successful, then thebroadcast is ignored and control returns to step 902. If the signatureverification in step 920 is successful, then control proceeds to step922. In step 922, the sensitive tag identifier in the control authorityadd tag broadcast and its public key are stored in the tag identifiermap. Control then returns to step 902.

If the protocol identifier is determined to be a control authoritydelete tag broadcast in step 906, then control proceeds to step 924. Instep 924, the target tag identifier is checked to determine if itmatches the tag identifier of the tag receiving the broadcast. If thereis not a match, the broadcast is ignored and control returns to step902. If there is a match, control proceeds to step 926. In step 926, thetime in the control authority delete tag broadcast is checked todetermine if it is within one minute of the current time. If it is not,then the broadcast is ignored and control returns to step 902. If it iswithin one minute, control proceeds to step 928. In step 928, the publickey of the control authority is used to verify the signature in thecontrol authority delete tag broadcast. If the signature verification isnot successful, then the broadcast is ignored and control returns tostep 902. If the signature verification in step 928 is successful, thencontrol proceeds to step 930. In step 930, the sensitive tag identifierin the control authority delete tag broadcast and its public key areremoved from the tag identifier map. Control then returns to step 902.

If the interrupt is determined to be a timer interrupt in step 904,control proceeds to step 932. In one embodiment, the timer interruptoccurs every fifteen seconds. In step 932, a signature is created usingthe tag's private key. In one embodiment, the signature is taken overthe tag identifier and the current time. In step 934, the signature, theprotocol identifier, the tag identifier, and the current time arewritten to the tag identifier broadcast. In step 936, the tag identifierbroadcast is broadcast. Control then returns to step 902.

The embodiment of FIG. 9 has a number of advantages. The signature makesit infeasible for a phony sensitive tag to spoof a real tag. Thesignature also makes it infeasible for a phony control authority to addor delete a tag. Replay attacks are blocked by the time stamp. Tags maybe made to be resistant to tampering to lessen their vulnerability tophysical destruction or removal.

While the above invention has been described with reference to certainpreferred embodiments, the scope of the present invention is not limitedto these embodiments. One skilled in the art may find variations ofthese preferred embodiments which, nevertheless, fall within the spiritof the present invention, whose scope is defined by the claims set forthbelow.

1. A system for managing data for one or more objects comprising: one ormore tags associated with the one or more objects, the one or more tagsoperative to receive and/or transmit data, said data comprising (1)object data relating to the one or more objects associated with the oneor more tags, (2) control data, or (3) both; one or more componentscommunicating with said one or more tags; and at least one database forstoring at least some of the object data, wherein access to the objectdata in the database is governed at least in part by said control data;wherein said data relating to the object comprises one or more of thefollowing: a location of the one or more objects, a time at which theone or more objects was at the location, the identity of people thattook or released possession of the one or more objects, the identity ofpeople that came into contact with the one or more objects, at least onemeasurement of at least one environmental condition to which the one ormore objects were exposed, a weight of the one or more objects, a timeat which the one or more objects had the weight, dimensions of the oneor more objects, and a time at which the one or more objects had thedimensions.
 2. A system for managing data for one or more objects as inclaim 1 wherein said object data comprises one or more members of theset consisting of: the identity of people that came into contact withsaid object, at least one measurement of at least one environmentalcondition to which said object was exposed, the academic performance ofsaid object, the athletic performance of said object, at least onemeasurement of the medical condition of said object, authentication datafor said object, the price history of said object, and the movement ofsaid object.
 3. A system for managing data for one or more objects as inclaim 1 wherein said control data specifies at least one of said one ormore components from which said one or more tags may receive data.
 4. Asystem for managing data for one or more objects as in claim 1 whereinsaid control data specifies one or more data types that said one or moretags are authorized to receive.
 5. A system for managing data for one ormore objects as in claim 1 wherein said one or more components compriseone or more members of the set consisting of a client computer, adatabase, a server computer, a handheld computer, a mobile device, aninput utility, and a sensor.
 6. A system for managing data for one ormore objects as in claim 1 wherein said one or more tags aremicro-devices that transmit and receive radio-frequency signals.
 7. Amethod for monitoring at least one person using one or more tags thatare associated with the at least one person comprising the steps of:sensing information data at said one or more tags, said information datacomprising one or more of at least one measurement of at least oneenvironmental condition to which the at least one person was exposed orat least one measurement of at least one medical condition of the atleast one person; storing said sensed information data in said one ormore tags; and transmitting at least a portion of said information datafrom said one or more tags.
 8. A method for monitoring at least oneperson as in claim 7 wherein said control data specifies at least onesensor from which said at least one tag may receive data.
 9. A methodfor monitoring at least one person as in claim 8 wherein said controldata specifies one or more data types that said at least one tag isauthorized to receive.
 10. A system for monitoring at least one personcomprising: one or more tags associated with the at least one person,said one or more tags comprising: a sensor sensing data comprising oneor more of the following: at least one measurement of at least oneenvironmental condition to which the at least one person was exposed orat least one measurement of at least one medical condition of the atleast one person; and an electronic component comprising at least onememory for storing said information data and at least one transmitterfor transmitting at least a portion of the data.
 11. A system formonitoring at least one person as in claim 10 further comprising atleast one device for receiving said portion of the data transmitted bysaid electronic component of said one or more tags.
 12. A system formonitoring at least one person as in claim 10 wherein said one or moretags comprise: control data specifying at least one or more devices fromwhich said one or more tags may receive data.
 13. A system formonitoring at least one person as in claim 10 wherein said one or moretags comprise: control data specifying one or more data types that saidone or more tags are authorized to receive.
 14. A system for monitoringat least one person as in claim 11 wherein said at least one devicecomprises one or more members of the set consisting of a clientcomputer, a database, a server computer, a handheld computer, a mobiledevice, an input utility, and a sensor.
 15. A system for monitoring atleast one person as in claim 10 wherein said one or more tags aremicro-devices that transmit and receive radio-frequency signals.
 16. Asystem for managing inventory including one or more objects comprising:one or more tags associated with the one or more objects, the one ormore tags operative to receive data from one or more components and/orto transmit data to the one or more components, said data comprising:(1) data relating to the object associated with the one or more tags,(2) data controlling the operation of the one or more tags, or (3) both;wherein said data relating to the object comprises one or more of thefollowing: a location of the one or more objects, a time at which theone or more objects was at the location, the identity of people thattook or released possession of the one or more objects, the identity ofpeople that came into contact with the one or more objects, at least onemeasurement of at least one environmental condition to which the one ormore objects were exposed, a weight of the one or more objects, a timeat which the one or more objects had the weight, dimensions of the oneor more objects, and a time at which the one or more objects had thedimensions; and wherein said data controlling the operation of the oneor more tags comprises one or more of the following: data for governingwhich of said one or more components can access data from said one ormore tags; data for governing which of said one or more components cantransmit data to said one or more tags; and data for governing thefrequency at which said one or more tags receives said data relating tothe object.
 17. A system for managing inventory as in claim 16 whereinsaid data controlling the operation of said one or more tags specifiesat least one of said components from which said one or more tags mayreceive data.
 18. A system for managing inventory as in claim 16 whereinsaid data controlling the operation of said one or more tags instructssaid one or more tags to periodically transmit certain data.
 19. Asystem for managing inventory as in claim 16 wherein said componentscomprise one or more members of the set consisting of a client computer,a database, a server computer, an input utility, and a sensor.
 20. Asystem for managing one or more objects in a supply chain comprising:one or more tags associated with the one or more objects, said one ormore or more tags comprising: a sensor for sensing information about theone or more objects, said information including at least one of thefollowing: a temperature, a humidity, moisture, an orientation, aposition, and a location; a memory for storing data about the one ormore objects, said data including at least one of the following:ingredients, said information sensed by the sensor; data identifying atleast one manufacturer of the one or more objects; data identifying atleast one transporter of the one or more objects; and data certifyingone or more of the following: the one or more objects, the at least onemanufacturer, and the at least one transporter; and a communicationdevice for sending and receiving the data about the one or more objects.21. A system for managing one or more objects in a supply chain as inclaim 20 further comprising one or more components, at least one of saidcomponents communicating with the one or more tags, said componentsincluding at least one of the following: a device for reading data fromthe one or more tags; a device for writing data to the one or more tags,a database for storing data read from or written to the one or moretags, and a computer for reading or writing data from or to thedatabase.
 22. A system for managing one or more objects in a supplychain as in claim 21 wherein the memory of the tag further comprisesdata to control the one or more tags, said control data comprising oneor more of the following: control data for governing which of said oneor more components can read data from said one or more tags, controldata for governing which of said one or more components can write datato said one or more tags, control data for governing the frequency atwhich data is read from the one or more tags, control data for governingthe frequency at which data is written to the one or more tags, controldata for governing the types of data that can be read from the one ormore tags, and control data for governing the types of data that can bewritten to the one or more tags.